Tuesday, November 15, 2011

System Fix is a type of malware commonly known as rogueware that attempts to steal money from victims by luring them into paying to fix nonexistent system errors and threats. If you think that it has some rudimentary PC repair functionality, you are wrong. With such a generic name and Microsoft trademarks, System Fix tries to pass itself off as a legitimate computer repair program. However, it's nothing more than a scam. Rogue programs are considered one of the most prevalent and dangerous threats lurking on the Web today. The goal of cyber crooks is to profit from malicious software. Infected computers are widely used for malicious criminal activities such as spamming and distributing malware.

If this fake PC repair program took over your computer, there's a great chance it also installed more sophisticated malware, very often the TDL3/4 rootkit or Rootkit.Boot.SST, to avoid antivirus detection and to block malware removal tools. Most rogues don't show suspicious behaviors, so antivirus companies have to focus on signatures. In a previous writeup, we examined how to remove a rogue program called Data Recovery. System Fix is from the same family of malware and it hasn't been updated recently. It's just another name, but the infection is 100% the same. We'll show you how to get rid of it, or at least disable it long enough to remove it. To remove System Fix malware from your computer, please follow the removal instructions below.

Rogues share a number of commonalities:

blocks legitimate anti-malware software

displays fake hard drive pre-failure warnings and notifications

mimics genuine products

runs a "complete" system scan that is super fast and completely false

pretends to fix the critical problems it claims to have found on a brand-new installation of Windows

hides Windows icons and shortcuts to make you think that your hard drive is going to fail

Fake system errors:

Most rogue programs go beyond aggressive marketing to sell software that has no functionality. System Fix is a good example of such misleading software. Users, naturally worried about the supposed critical system error, will often buy the license. Don't blame yourself if you fell for this scam. Cyber crooks adopted scareware on a massive scale and about 2-3% of victims will probably buy it. Instead of blaming yourself, call your credit card company and dispute the charges. Or even better, cancel your credit card and create a new one. Cyber crooks may use stolen credit card details again. Last, but not least, install solid antivirus software and keep it up to date. And next time, do some research before paying for software you didn't go looking for. Good luck and be safe online!

Before continuing with the removal instructions, you can use a cracked registration key and a fake email address to register System Fix. This will allow you to download and run any malware removal tool you like and restore hidden files and shortcuts.

mail@mail.com
15801587234612645205224631045976 (new code!)

mail@mail.com
1203978628012489708290478989147 (old code, may not work anymore)

1. Open Internet Explorer. If the shortcut is hidden, please select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter iexplore.exe and hit Enter or click OK.

2. Download and run this utility to restore missing icons and shortcuts.

3. Now, please download TDSSKiller and run a system scan. Remove found rootkits as shown in the image below. Reboot your computer if required.

Please note that your computer might be rootkit free; not all versions of System Fix come bundled with rootkits. Don't worry if TDSSKiller didn't find a rootkit.

The money back guarantee is worthless. The information they give you to contact them is bogus. I have emailed both email addresses on the receipt, but they are definitively going to be ignored. The only way to get my money back is to contact the credit card company and cancel the charges. It may take some time, but I do not care how long my wife will need to stay on the phone. I will get justice. Here is something else they sent me. Thank you for purchase, System Fix! Your activation code: 1203978628012489708290478989147 Please use this download link to install System Fix if your software copy has been removed or lost. yourlicensehot.com/license/download/system_fix.exe Contact us through Help&Support section in the System Fix menu or by phone +1.8662065623

Johnny Harris, thank you for your comments. Yes, I'm afraid the only way to get your money back is to dispute the charges. Besides, I think you should cancel your credit card and create a new one. They now have your credit card details.

Great article. Interesting to see all the comments in the last couple days, I wonder if some new infection of this just got spread around. I also recall an Adobe Flash update in the last couple of days, probably that's the cause of it.

Thanks for this, it really was a lot of help!! I also downloaded an Adobe update and I wasn't even on a suspicious site or anything. I have Avast and after the Adobe update my Avast popped up to put a suspicious exe in the sandbox to run it. Then the whole crap started with systemfix, I guess it busted through the sandbox, I wonder how this is possible. Well I got rid of it thanks to these steps.

Which instructions are you all being grateful for? The manual instruction or the one which makes you buy another software? PLEASE PEOPLE, BE MORE SPECIFIC!!! Did anyone follow the manual instructions? Cheers

STOPZILLA asks for registering before it can delete... I ran a full 8 hr scan and it showed so many viruses but I'm not able to delete because I need registration code... anyone Please help.... I tried uninstalling also and it did not give it for free

Ah ha! A fake Flash update. I used a similar approach to remove the malware from my wife's laptop, but now it's running incredibly slow, basic functions, like launching a browser, are causing the machine to slow to a stop. Anyone else having this issue?

hello? is anybody out there? i got the Mal/FakeAv-OP and fought the thing for days. had use of everything if you could find a way. i found an exe. file in c:Doc~~Data. i tried to delete it but it would not allow me because it had an icon going on in the task bar. i discovered the way to delete it. but my PC is messed up now. all my shortcuts seem to be (empty) ?? any help would be appreciated. my PC seems to be working faster

hey, everybody/anybody out there, did i mess up my pc by deleting the offending Mal/FakeAV-op files before seeking help on-line? i didn't use any software. is that ???.sst file stuff for real? i didn't want to download anything without knowing what it was. WEBROOT was running when it hit me. anyway, if deleting the files while (sort of) they're running would help out anybody, i would be more than happy to share. thanks for any help

Help, i followed instructions but all of my internet access seems to have been wiped out also !! Therefore i can't access the software. Is this a consequence of system fix and how do i continue, ps. I am very IT illiterate so any instructions would be very welcome

hey Anonymous, Admin is right. if you can get to 'windows explorer', right click where files and folders should be and select properties. uncheck the hidden box and the files will show up again. hey Admin, i cannot see my 'programs' directory in c: i will try the above mentioned advice. all programs in my start menu show 'empty'. i still only see 'Docs & Settings' folder in c: in windows explorer. thanks again Admin

hey Admin, i ran Unhide.exe and i now have most of the files showing. my 'Local Disk (c:)' is still only showing 'Docs & Settings' folder. i am sure my files are still there because when i check Properties, it shows a nearly full hard drive. also, my 'start menu' 'programs' list is still showing (empty). any ideas? thanks for the heads up

Anonymous, if you can see your c:\Docs&Settings\AppData\???? files, check to see if you have an .exe file in it. My directory had all FOLDERS of programs my PC runs and three other files. one of the three was ?'nB74Hmfu83(etc. etc.) .exe? (the name of this file changes every time you reboot). At the left of that file was an icon that matched the icon in the task bar (the strip at the bottom of your desktop). When i tried to delete the file, i got an error message telling me the file was in use (the icon in task bar) and would not let me delete it. i finally found a way to delete it but it may not be the best way to get your PC back to normal (as i have described). i set up a small window showing me the bad file i wanted to delete and then i clicked the right button on the 'error message'. It was labeled 'scan and reboot' (i think). The icon in the task bar disappeared for about 5 to ten seconds. During that 5 to 10 seconds, I deleted the file. it froze up my PC. I rebooted and have not had any more bogus error messages but my start menu and c: drive is still not right. I was able to access the internet by selecting 'upgrade' on the active icons at the right end of the task bar. 'Upgrade' would start the default browser. I have no access to my 'Program' files so i can't create shortcuts. I may have made a big mistake deleting that stuff manually. Any help from anybody would be greatly appreciated.

Admin, this is to update my attempts at restoring my PC. i downloaded restoresm.zip. When i extracted, all that was in it was a .bat file. I'm not good enough at this PC stuff to know what to do with that. i tried running the .bat file and saw a flash of a shell. it was just a short flash. i can't tell if it did anything. thanks again and for any future help from out there.

Admin, following on that my internet does not work, unhide.exe cannot be found, my printer does not work, my orange livebox is said to be disconnected and all power from usb points has gone!!! Do i have a serious issue or can system fix really do all of this damage. Btw, my pc is 10 yrs old with windows xp professional ( in case this leads to a different solution?), thanks for any advice !

Hey, I need help, I think I've screwed my computer. I have a long explanation of what happened:

I received the system fix virus and went on to this computer (from which I'm typing now) to find a solution. I went to the deleterogues.blogspot blog and followed the instructions there. As instructed, I rebooted my PC in safe mode with networking, and started downloading Spyware Doctor. I did some further reading and discovered that Spyware Doctor apparently does not fully remove the virus.

I heard that Malwarebytes should do the trick, and since I already had it, I tried loading it up, but it gave me an error message and would not open. So I uninstalled it, and put Malwarebytes on my flash drive from this PC. Next, I installed it on my infected PC from my flash drive and ran a scan. Indeed, it found the virus (fake.alert) and found a couple of other viruses. I then had the program clean my computer. The program prompted me to restart my computer after it finished cleaning everything up, and I gave it the OK. After my PC had restarted and reached the "Welcome" screen for Windows XP, my computer suddenly restarted. I thought perhaps it was my flash drive that was causing the problem, and, in a move that's likely very stupid, I removed the flash drive, and my PC, almost on cue, blue screened, and the computer restarted before I completely read the screen (I did catch that it was shutting down to save data). Upon it restarting, Windows detected an improper shutdown and asked me in which mode I wanted to start Windows. I chose to start Windows normally. About 2 seconds after choosing this option, my PC restarted again, and I got the same screen as before. This time, I chose to start windows in safe mode with networking. Once again, the PC restarted. I tried one more time, and it did the same thing, so I just shut it off.

Did I just screw up my PC? Is there any way to save my data? Thanks in advance for any help.

Follow up to November 28, 2011 10:32 AM. Looks like all is fixed. But I had to manually delete the System Fix executable files, randomly named, but date stamps from 1/2 hour ago, located in C:/ProgramData folder. Thanks! you're the man!!

i got all the way to downloading the stopzilla, when i finally got the program to open it said a quickscan had found 6 programs and quarantined them, but when i try to perform the scan to view them it says that the items can only be fully removed by subscribing the product?

Anne, don't buy anything. "people-who-have-paid" stories are at the top of this blog. no luck. I had my PC almost completely back except C: only displayed 'Docs and Settings...' I tried sfc/scannow in command prompt and lost the OS. I FORGOT TO DO ALL THAT IN SAFE MODE... oh well. trying to retrieve PICS and My Docs from HDD now. what fun. good luck everybody

I got the System Fix virus on December 1st. We have since read everything we could find on it and removed everything we can find. The problem is that my computer will not go on the internet. Any help would really be appreciated.

I got this virus Friday after getting a similar one a week before ("Privacy Protection"). Also from a fake Flash update from a free TV site. I couldn't delete the malware files because they were always running. The way I got rid of both was to restart my PC and as soon as I had a chance, rename the malware exe files. It seemed to keep them from preventing deletion. The System fix dumped a lot of my files though. It completely emptied iTunes of over 7,000 songs and videos! Luckily I had them in Media Monkey also or my entire collection would have been toast. My AV software never detected the viruses. I loaded the free Windows AV software and it found two more. My PC is still missing a lot of shortcuts and possibly some programs but did notice a bunch of extra directories now. I will give the unhide utility a try.

Like a couple of other people have said, when I got to the part where I needed to run TDSSKiller it just wouldn't run. I double clicked on tdsskiller.exe and it just didn't do anything. But reading one of the other posts gave me the idea of renaming the file (i called it whatever.exe instead) then trying to run it - and that did the trick.

I figure (some versions of) System Fix has some sort of lookup file that it uses to try and prevent certain helpful files (such as "tdsskiller.exe") from running. So renaming it allows it to slip through.

Please Please help. I have tried running Spyware doctor and malwarebytes in both normal and safe mode, both scans never complete! I can unhide my files but I've done something to hide system fix from appearing when I run the laptop so I can't use the registration key above! So stressed :(

Well, I completed the "unhide.exe" and the "tdsskiller.exe"... seem to work fine. Did not find anything using the "tdsskiller.exe"... appear per the Admin's comments above that is fine. I then ran the "STOPzilla_Setup.exe" and it all went fine until the end. I got a "Message 1906. Failed to cache package C:\WINDOWS\Installer\2b756d.msi. Error:-2147287010" The STOPzilla pop up box asks me if I want to "Try Again" or "Cancel". When I click "Try Again" it does not work and the same box pops back up. Please tell me what to do next.

I helped a friend with this "Sistem Fix" problem. Interesting to find that this came from a fake Adobe update. Hitman Pro 3.5 would do the best job. http://www.surfright.nl/en/downloads/ You'll have 30 days to remove all the scam on your PCs, just register for free.

I am baffled by this... My Malware software (malwarebytes) doesn't even pick this virus up! It identifies 2 things which I clear, then I restart and the problem is still there! This is hopeless, I am going round in circles... any suggestions!?

malwarebytes and STOPzilla(from step 4) both cannot be installed. Seems like the system fix blocked them somehow. I used Combo Fix and it worked great. Just rename the setup file something else so that system fix doesn't recognize it and block it.

Hi there - thanks so much for the fix, worked a treat for me on a colleague's computer. I'm fairly sure though that this may also be linked to some sort of browser hijacker which has been hanging around hijacking google search results since she previously clicked ok on something she shouldn't have...

At the time, we removed that but haven't been able to stop the hijacker. Google will bring up results but actually clicking on the link takes you somewhere else entirely... always a buy/win/etc page that's clearly bogus.

- Windows 7 Home Premium 64bit.
- Comodo firewall and antivirus installed. All up to date.
- Had firefox open on what I consider are reasonable websites - Amazon, Youtube. Nothing dodgy. No emails opened, nothing installed etc etc. I'm an IT guy of 15 years and have enough experience with this, trust me.
- Received an alert from comodo that ".exe was 'sandboxed' by Comodo. This, I assume, is supposed to mean it runs in a ring-fenced environment, no? Seems it didn't... This alert from Comodo is info only - I can't allow or block or anything.
- Shortly afterwards, .exe is trying to access the Internet. I immediately said Block. Got another alert immediately for a second .exe - same procedure - blocked.
- Honestly, I noticed the hard disk was working quite hard and simply put it down to another of Windows 7's Indexing features, or suchlike.
- Some minutes later, I received multiple cascaded alerts about "delayed write failed". Press cancel to reboot, if I remember correctly. Immediately rebooted, and I was already thinking about the past events and telling myself "virus! I'll be surprised if this machine comes back up". But it did...
- I had lost half my desktop icons, most of my start menu links, files were hidden in Explorer. I have multiple drives, and only shortcuts pointing to this drive were affected, the ones pointing to my E drive were OK. Same applies to the hidden files in Explorer - C:\ drive mostly hidden, d:\ drive, half. E:\ drive - not touched. Seems I 'interrupted' the virus during the reboot.
- Googled a bit and found the following, all time and date stamped from the previous 15 minutes:

C:\Users\spanko\AppData\Local\Temp\0.7212855055993831fdrgs.exe 460KB
C:\Users\spanko\AppData\Local\Temp\0.8845776377071477fdrgs.exe 460KB
c:\ProgramData\.exe 460KB (don't have exact filename, but similar to above).

I scanned these with Comodo - nothing found!

Shift-deleted them.

- Unclean.exe worked, replacing all icons and unhiding the files in explorer.
- TDSSKiller found nothing
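A triage sketch for the pattern several commenters above describe: executables with generated-looking names and fresh timestamps sitting directly in C:\ProgramData or the Temp folder. It is an added example, not part of the original post or its comments. The function names, the 30-minute window and the name heuristic are assumptions, and the script only lists candidates; it deletes nothing.

```python
import os
import re
import time
from pathlib import Path


def default_dirs():
    """Folders the commenters name: %ProgramData% and the user's %TEMP%."""
    found = [os.environ.get(var) for var in ("ProgramData", "TEMP")]
    return [Path(p) for p in found if p and Path(p).is_dir()]


def name_looks_generated(stem):
    """Heuristic only (assumption): a long digit run, or one unbroken
    token mixing upper case, lower case and digits."""
    if re.search(r"\d{8,}", stem):
        return True
    return (len(stem) >= 8 and stem.isalnum()
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isdigit() for c in stem))


def recent_loose_executables(dirs, max_age_minutes=30, now=None):
    """List .exe files sitting directly in each folder (no recursion)
    whose modification time falls inside the window, newest first."""
    now = time.time() if now is None else now
    cutoff = now - max_age_minutes * 60
    hits = []
    for folder in dirs:
        try:
            entries = list(Path(folder).iterdir())
        except OSError:
            continue  # folder missing or unreadable
        for entry in entries:
            try:
                if not entry.is_file() or entry.suffix.lower() != ".exe":
                    continue
                info = entry.stat()
            except OSError:
                continue  # file vanished or access denied while scanning
            if info.st_mtime >= cutoff:
                hits.append({
                    "path": str(entry),
                    "size_kb": info.st_size // 1024,
                    "age_min": round((now - info.st_mtime) / 60, 1),
                    "generated_name": name_looks_generated(entry.stem),
                })
    return sorted(hits, key=lambda h: h["age_min"])


if __name__ == "__main__":
    # "!" marks names that match the generated-name heuristic.
    for hit in recent_loose_executables(default_dirs()):
        flag = "!" if hit["generated_name"] else " "
        print(f'{flag} {hit["age_min"]:>6} min  {hit["size_kb"]:>6} KB  {hit["path"]}')
```

A hit is a lead to check with a scanner, not a verdict: legitimate installers also drop executables into Temp.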

My son's computer got this the other night and I tried using TDSSKiller, loaded it onto a flash drive from my laptop, then tried to load it onto his from the flash drive. Worked fine, except when I got the screen saying I needed to pay or enter the registration key.

Now, I have absolutely no problem paying for this if it will work, but even if I did pay for this, I can't get online with my son's laptop to enter the registration code. How do people get around this if the virus has denied you getting online?

Please help, as he has a lot of school work on his laptop that we'd like to try and get back :(

OUTSTANDING!!! MS Security Essentials nor SpyBot S&D could not locate or do anything about this System Fix crap, but your procedure nailed it! I'm a fat happy boy right now! The DW will be even happier.

I have successfully removed the "system fix" but I still have the problem that many of the programs in the start menu are missing. I already tried unhide.exe several times and also used restoresm.bat -> the problem is still there.

About 20-40mins ago, my dad contracted this malware and then started clicking in panic, now safe mode won't load, windows repair won't load, and because it's a laptop that uses a fn key to use functions (much like using a shift key to type a dollar sign) I can't load boot options to have it read the cd first before the Hdd. I'm thinking to either connect a separate keyboard in hopes I can use that to access the boot options or to remove the hdd and use an old pc to fix the drive from an external drive pov. Judging by what I've read thus far, I assume this malware dled something else that is destroying system files or something else dled from whatever site he shouldn't have been on as well.

My computer was infected with System Fix a while ago. Thanks to the info of this and other forums, i managed to get rid of it and got everything working as usual again.

The only "problem" I still have is the following: System Fix is still in my Start Menu (the exe-file and uninstall-file) and at my desktop, there's still a shortcut to the exe-file. Can I just delete those manually (shift - delete)? I'm afraid to touch those files and to get the virus going again by doing so...

OK, I've got the virus and rootkit removed. (@Denny.. yes, just delete those leftover shortcuts to 'System Fix'.) BUT... I still don't have all my shortcuts restored. I tried 'unhide.exe' and 'restorem.bat'. I got my Desktop shortcuts back, and I got my Start Menu FOLDER back.. but none of the shortcuts within the Start Menu Folders. Anyone have any suggestions??

About Me

Hi there, and welcome to my humble web presence. I'm Michael Kaur. Malware squasher, geek, and blogger based in Los Angeles, CA. If you'd like to contact me, the easiest way is through email given below or Google+. Simply add me to your Google Plus circles.

Disclaimer

This is a self-help guide. Use at your own risk. Deletemalware.blogspot.com cannot be held responsible for problems that may occur by using this information.

About the blog

This blog provides reliable information about the latest computer security threats including spyware, adware, browser hijackers, Trojans and other malicious software. We do NOT host or promote any malware (malicious software). We just want to draw your attention to the latest viruses, infections and other malware-related issues. The mission of this blog is to inform people about already existing and newly discovered security threats and to provide assistance in resolving computer problems caused by malware.